rancher-partner-charts/charts/kasten/k10/7.0.501/templates/ocp-ca-cert-extract-hook.yaml


{{- if (include "k10.ocpcacertsautoextraction" .) -}}
# Identity for the CA-extraction hook Job defined at the end of this file.
# Created as a pre-install/pre-upgrade hook at weight 1, i.e. before the
# bindings (weight 2) and the Job (weight 3) that reference it.
# Every Role/ClusterRole in this file is bound to this one account, so its
# token carries the union of those grants while the bindings exist.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ .Release.Name }}-ocp-ca-cert-extractor
  namespace: {{ .Release.Namespace }}
  annotations:
    helm.sh/hook: 'pre-install,pre-upgrade'
    helm.sh/hook-weight: '1'
    helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded,hook-failed'
---
# Cluster-scoped, read-only access to the `proxies` and `apiservers`
# resources of the config.openshift.io API group.
# NOTE(review): the name is fixed rather than derived from the release, so a
# second release (or an unrelated object with the same name) would share it,
# and `before-hook-creation` deletes an existing object of that name first.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: openshift-cluster-config-reader
  annotations:
    helm.sh/hook: 'pre-install,pre-upgrade'
    helm.sh/hook-weight: '1'
    helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded,hook-failed'
rules:
  - apiGroups:
      - config.openshift.io
    resources:
      - proxies
      - apiservers
    verbs:
      - get
      - list
---
# Read access to every ConfigMap and Secret in the `openshift-config`
# namespace. `list` on secrets returns full secret data, so the bound
# account can read all Secrets in this namespace, not only CA material.
# NOTE(review): if the extractor needs only specific objects, narrow this
# (for example `get` with resourceNames) - confirm against what k10tools reads.
# NOTE(review): the hook-delete-policy is meant to make this grant transient;
# verify it is actually removed when the hook Job fails, since the policy is
# evaluated per hook resource.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: openshift-config-reader
  namespace: openshift-config
  annotations:
    helm.sh/hook: 'pre-install,pre-upgrade'
    helm.sh/hook-weight: '1'
    helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded,hook-failed'
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - secrets
    verbs:
      - get
      - list
---
# Read access to every Secret in the `openshift-ingress-operator` namespace.
# `list` on secrets returns full secret data, which may include private keys
# as well as certificates.
# NOTE(review): consider restricting to the specific secret(s) the extractor
# reads (`get` with resourceNames) - confirm against k10tools.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: openshift-ingress-operator-reader
  namespace: openshift-ingress-operator
  annotations:
    helm.sh/hook: 'pre-install,pre-upgrade'
    helm.sh/hook-weight: '1'
    helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded,hook-failed'
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
---
# Read access to every Secret in the `openshift-kube-apiserver` namespace.
# `list` on secrets returns full secret data for the whole namespace.
# NOTE(review): consider restricting to the specific secret(s) the extractor
# reads (`get` with resourceNames) - confirm against k10tools.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: openshift-kube-apiserver-reader
  namespace: openshift-kube-apiserver
  annotations:
    helm.sh/hook: 'pre-install,pre-upgrade'
    helm.sh/hook-weight: '1'
    helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded,hook-failed'
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
---
# Write access to ConfigMaps in the release namespace: the only mutating
# grant in this file. No `delete` verb is given.
# The rule covers all ConfigMaps in the namespace, not just one by name.
# NOTE(review): `create` cannot be limited by resourceNames, but the
# `patch`/`update` verbs could be if only one ConfigMap is written - confirm.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ .Release.Namespace }}-configmaps-editor
  namespace: {{ .Release.Namespace }}
  annotations:
    helm.sh/hook: 'pre-install,pre-upgrade'
    helm.sh/hook-weight: '1'
    helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded,hook-failed'
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
      - get
      - list
      - watch
      - patch
      - update
---
# Grants the ClusterRole `openshift-cluster-config-reader` to the extractor
# ServiceAccount in the release namespace. Hook weight 2 places it after the
# weight-1 ServiceAccount and ClusterRole it refers to.
# NOTE(review): the binding name is fixed, not release-scoped.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-openshift-cluster-config
  annotations:
    helm.sh/hook: 'pre-install,pre-upgrade'
    helm.sh/hook-weight: '2'
    helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded,hook-failed'
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: openshift-cluster-config-reader
subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}-ocp-ca-cert-extractor
    namespace: {{ .Release.Namespace }}
---
# Grants the Role `openshift-config-reader` (ConfigMaps and Secrets in
# `openshift-config`) to the extractor ServiceAccount, which lives in the
# release namespace: a cross-namespace binding.
# Hook weight 2: created after the weight-1 Role and ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-openshift-config
  namespace: openshift-config
  annotations:
    helm.sh/hook: 'pre-install,pre-upgrade'
    helm.sh/hook-weight: '2'
    helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded,hook-failed'
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: openshift-config-reader
subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}-ocp-ca-cert-extractor
    namespace: {{ .Release.Namespace }}
---
# Grants the Role `openshift-ingress-operator-reader` (Secrets in
# `openshift-ingress-operator`) to the extractor ServiceAccount from the
# release namespace.
# Hook weight 2: created after the weight-1 Role and ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-openshift-ingress-operator
  namespace: openshift-ingress-operator
  annotations:
    helm.sh/hook: 'pre-install,pre-upgrade'
    helm.sh/hook-weight: '2'
    helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded,hook-failed'
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: openshift-ingress-operator-reader
subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}-ocp-ca-cert-extractor
    namespace: {{ .Release.Namespace }}
---
# Grants the Role `openshift-kube-apiserver-reader` (Secrets in
# `openshift-kube-apiserver`) to the extractor ServiceAccount from the
# release namespace.
# Hook weight 2: created after the weight-1 Role and ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-openshift-kube-apiserver
  namespace: openshift-kube-apiserver
  annotations:
    helm.sh/hook: 'pre-install,pre-upgrade'
    helm.sh/hook-weight: '2'
    helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded,hook-failed'
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: openshift-kube-apiserver-reader
subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}-ocp-ca-cert-extractor
    namespace: {{ .Release.Namespace }}
---
# Grants the release-namespace ConfigMap editor Role to the extractor
# ServiceAccount. This is the binding that lets the hook write its result.
# Hook weight 2: created after the weight-1 Role and ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: edit-{{ .Release.Namespace }}-configmaps
  namespace: {{ .Release.Namespace }}
  annotations:
    helm.sh/hook: 'pre-install,pre-upgrade'
    helm.sh/hook-weight: '2'
    helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded,hook-failed'
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ .Release.Namespace }}-configmaps-editor
subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}-ocp-ca-cert-extractor
    namespace: {{ .Release.Namespace }}
---
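# Pre-install/pre-upgrade hook Job (weight 3, after the weight-1 and weight-2
# RBAC objects) that runs `k10tools openshift extract-certificates` as the
# extractor ServiceAccount. Presumably it writes the extracted CA bundle to
# the ConfigMap named by .Values.cacertconfigmap.name - confirm against k10tools.
# NOTE(review): `hook-failed` deletes the Job when it fails, and with
# backoffLimit 0 there is no retry, so the failed pod's logs are not kept
# for troubleshooting.
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Release.Name }}-extract-ocp-ca-cert-job
  # Explicit namespace, matching the ServiceAccount this Job references, so
  # rendered output applied outside `helm install` still lands next to it.
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "helm.labels" . | indent 4 }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
    "helm.sh/hook-weight": "3"
spec:
  # A single attempt: a failed extraction fails the install/upgrade.
  backoffLimit: 0
  template:
    metadata:
      name: {{ .Release.Name }}-extract-ocp-ca-cert-job
      labels:
{{ include "helm.labels" . | indent 8 }}
    spec:
      restartPolicy: Never
      # This account can read Secrets in several OpenShift system namespaces
      # while the hook RBAC exists; the container needs no extra privileges.
      serviceAccountName: {{ .Release.Name }}-ocp-ca-cert-extractor
      containers:
        - name: {{ .Release.Name }}-extract-ocp-ca-cert-job
          image: {{ include "k10.k10ToolsImage" . }}
          # The tool only talks to the Kubernetes API, so drop all Linux
          # capabilities and forbid privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          command:
            - "./k10tools"
            - "openshift"
            - "extract-certificates"
          args:
            - "-n"
            - "{{ .Release.Namespace }}"
            - "--release-name"
            - "{{ .Release.Name }}"
            - "--ca-cert-configmap-name"
            - "{{ .Values.cacertconfigmap.name }}"
{{ end }}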